package com.ssi.permission;

import java.lang.reflect.Method;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import com.ssi.annotation.Premission;
import com.ssi.core.ContextManager;
import com.ssi.entity.core.ClientSecurity;
import com.ssi.entity.customer.Customer;
import com.ssi.service.security.IClientSecurityService;
import com.ssi.utils.Constants;
import com.ssi.utils.StringUtil;


@Aspect
@Component
public class PremissionMethodAspect {
    
    @Before(value = "@annotation(com.ssi.annotation.Premission)")
    public void preHandle(JoinPoint jp) {
        Signature signature = jp.getSignature();
        if (signature instanceof MethodSignature) {
            MethodSignature methodSignature = (MethodSignature) jp.getSignature();
            Method method = methodSignature.getMethod();
            Premission premission = method.getAnnotation(Premission.class);
            if (premission != null) {
                String item = premission.item();
                if(!StringUtil.isNullOrEmpty(item)){
                	IClientSecurityService customerService = ContextManager.getApplicationContext().getBean(IClientSecurityService.class);
                	List<ClientSecurity> securityList = customerService.queryForList();
                	
                	ClientSecurity currentSecurity = null;
                	for(ClientSecurity security : securityList){
                		if(security.getItem().equals(item)){
                			currentSecurity = security;
                			break;
                		}
                	}
                	//不为全站开发性资源
            		if(!currentSecurity.getTarget().equals("all")){
            			//customer类型资源，判断session是否记录
            			HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
            			HttpSession session = request.getSession();
            			Customer customer = (Customer) session.getAttribute(Constants.USER_SESSION);
            			if(customer == null){
            				throw new RuntimeException("权限验证失败");
            			}else{
            				//游客类型
            				if(currentSecurity.getTarget().equals("customer") && !customer.getUserType().equals("01")){
            					throw new RuntimeException("权限验证失败");
            				}else if(currentSecurity.getTarget().equals("guide") && !customer.getUserType().equals("02")){
            					throw new RuntimeException("权限验证失败");
            				}
            			}
            		}
                }

                //HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
                //request.setAttribute("exception", "权限验证失败");
                //throw new RuntimeException("权限验证失败");
            }
        }
    }
}
